How I took care of formmail searchers! Laugh!

First of all, I disabled all formmail in /cgi-sys/ and told all my resellers to inform their clients that formmail is no longer an option. I found tons of IPs still bombing my site looking for the elusive formmail script, so this is what I did.

In my cgi-bin, I have a real formmail.php script running that will record the IP and send an automatic report to the ISP. So if they continue searching my system in cgi-bin they will be banned for sure and reported. Here is what those reports look like.

Anyone who tried to load /cgi-sys/formmail from any of your user sites will get my lovely msg.

OPTIONS: You could also modify the above to redirect them to any site you want. :D I have a few sites in mind. A nice f-u site would be nice. Use your imagination. You could use a RedirectMatch directive to redirect them to any site you want.

Hey, I clicked on your formmail link and it says I was reported, uh-oh.. I'm an idiot lol

Originally posted by sexy_guy:

First of all, I disabled all formmail in /cgi-sys/ and told all my resellers to inform their clients that formmail is no longer an option. I found tons of IPs still bombing my site looking for the elusive formmail script, so this is what I did.

In my cgi-bin, I have a real formmail.php script running that will record the IP and send an automatic report to the ISP. So if they continue searching my system in cgi-bin they will be banned for sure and reported. Here is what those reports look like.

Anyone who tried to load /cgi-sys/formmail from any of your user sites will get my lovely msg.

OPTIONS: You could also modify the above to redirect them to any site you want. :D I have a few sites in mind. A nice f-u site would be nice. Use your imagination. You could use a RedirectMatch directive to redirect them to any site you want.

While I understand what you are trying to do, it is not a good idea IMO.

What you are getting hit with now is a script or robot doing probes, and by adding a page for it to go to, it is going to return a success HTTP 200 to the owner of that script. That is going to put your server on the list for when he decides to unleash the real thing and start a major spam campaign.

If left as a 404 error, he is likely to take your server off the list and go away and leave you alone, since it is a non-success. If it was a human doing the probe each time then what you did may have some effect, but I think you are opening yourself up to a lot more of this later on.
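To see what the probes discussed above are actually being answered with, this added example (not code from the thread) tallies requests for formmail-style paths in an Apache access log per client IP and counts how many received a 200. It assumes the common/combined log format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes Apache common/combined log format, where
# field 1 = client IP, field 7 = request path, field 9 = HTTP status.

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [01/Jan/2004:10:00:01 +0000] "GET /cgi-sys/formmail HTTP/1.0" 404 285 "-" "-"
192.0.2.10 - - [01/Jan/2004:10:00:02 +0000] "GET /cgi-sys/FormMail.cgi HTTP/1.0" 404 285 "-" "-"
192.0.2.10 - - [01/Jan/2004:10:00:03 +0000] "GET /cgi-bin/FormMail.cgi HTTP/1.0" 404 285 "-" "-"
198.51.100.7 - - [01/Jan/2004:10:05:10 +0000] "GET /cgi-bin/formmail.php HTTP/1.0" 200 512 "-" "-"
198.51.100.7 - - [01/Jan/2004:10:05:11 +0000] "POST /cgi-bin/formmail.php HTTP/1.0" 200 512 "-" "-"
203.0.113.5 - - [01/Jan/2004:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/4.0"
EOF
}

# formmail_probes LOGFILE
# Prints one line per probing IP: "ip total_requests requests_answered_200",
# busiest IP first. The path match is case-insensitive.
formmail_probes() {
    awk '
        tolower($7) ~ /formmail/ {
            total[$1]++
            if ($9 == 200) ok[$1]++
        }
        END {
            for (ip in total)
                printf "%s %d %d\n", ip, total[ip], ok[ip] + 0
        }
    ' "$1" | sort -k2,2nr -k1,1
}

# answered_probes LOGFILE
# Prints only the IPs whose formmail requests got at least one 200,
# i.e. the clients that were told the script exists.
answered_probes() {
    formmail_probes "$1" | awk '$3 > 0 { print $1 }'
}

# Stand-alone use: pass an access log path as the first argument.
if [ "$#" -gt 0 ]; then
    formmail_probes "$1"
fi
```
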

This takes care of any automated searches from the kiddies and still gives our customers the opportunity to use the formmail script.

99.99% of formmail searches are automated, and changing the name of the script gets rid of these buggers.

I am a complete newbie to Nix and cPanel - can someone give me a nudge in the right direction?

I can (barely) SSH as root
I am blonde but willing to learn

Can anyone help?

1) Is there a way to search with SSH to scan all files in /home for the string "cgi-sys/FormMail.cgi" -- or better yet REPLACE "cgi-sys/FormMail.cgi" with "sgi-sys/SmartMail.cgi" ?? This would take care of mass find and replace in users' web pages so our users would not have to do any work.

As far as changing the cPanel themes, that is going to be hard because any changes you make will be overwritten, and if you chattr them to protect from changes then your themes will not get updated when cPanel fixes bugs, adds features, etc.
BUT the good news is that the script is never really installed on the site, so all you have to do is add to the cPanel news that formmail.cgi is now called smartmail.cgi and that to use it they simply call smartmail.cgi in their forms instead of formmail.cgi, so there is no real need to change the themes.

Your example of Alias did not work for me on any of my servers. Yes, I reloaded Apache each time I edited httpd.conf. I did get the Redirect directive to work, but not the Alias directive. I seem to have the mod_alias module, but it will not work.